<?php

return [
    /*
    |--------------------------------------------------------------------------
    | Permission configuration
    |--------------------------------------------------------------------------
    |
    | Permissions are organised by functional module; each module groups
    | several related permissions. The design is feature-oriented so that
    | non-specialists can understand and configure it.
    |
    | Each permission key carries a label, a description and a list of
    | "METHOD /path" route strings.
    |
    | NOTE(review): the code that matches a request against these route
    | strings is not in this file. Several literal paths listed under one
    | permission (for example 'GET /api/employees/export') have the same
    | shape as a placeholder path listed under another
    | ('GET /api/employees/{id}'). Confirm the matcher resolves literal
    | segments before placeholders; otherwise holding the view permission
    | could also satisfy the export/report routes.
    |
    */

    'modules' => [
        /*
        |--------------------------------------------------------------------------
        | User management permissions
        |--------------------------------------------------------------------------
        |
        | NOTE(review): 'user.manage' is described as full user management, yet
        | its route list repeats the view/create/update/delete routes and does
        | not include the reset-password route. Confirm that is intended.
        |
        */
        'user_management' => [
            'label' => '用户管理',
            'description' => '管理系统用户账户',
            'permissions' => [
                'user.view' => [
                    'label' => '查看用户',
                    'description' => '查看用户列表和详情',
                    'routes' => ['GET /api/users', 'GET /api/users/{id}'],
                ],
                'user.create' => [
                    'label' => '创建用户',
                    'description' => '创建新用户账户',
                    'routes' => ['POST /api/users'],
                ],
                'user.update' => [
                    'label' => '编辑用户',
                    'description' => '修改用户信息',
                    'routes' => ['PUT /api/users/{id}'],
                ],
                'user.delete' => [
                    'label' => '删除用户',
                    'description' => '删除用户账户',
                    'routes' => ['DELETE /api/users/{id}'],
                ],
                'user.reset_password' => [
                    'label' => '重置密码',
                    'description' => '重置用户密码',
                    'routes' => ['POST /api/users/{id}/reset-password'],
                ],
                'user.manage' => [
                    'label' => '用户管理',
                    'description' => '完整的用户管理权限',
                    'routes' => ['GET /api/users', 'POST /api/users', 'GET /api/users/{id}', 'PUT /api/users/{id}', 'DELETE /api/users/{id}'],
                ],
            ],
        ],

        /*
        |--------------------------------------------------------------------------
        | Employee management permissions
        |--------------------------------------------------------------------------
        |
        | NOTE(review): 'employee.manage' covers list/create/read/update/delete
        | but not the import and export routes, which stay under their own
        | permissions. The export route returns bulk personal data, so grant
        | 'employee.export' deliberately.
        |
        */
        'employee_management' => [
            'label' => '员工管理',
            'description' => '管理员工基础信息',
            'permissions' => [
                'employee.view' => [
                    'label' => '查看员工',
                    'description' => '查看员工列表和详情',
                    'routes' => ['GET /api/employees', 'GET /api/employees/{id}'],
                ],
                'employee.create' => [
                    'label' => '创建员工',
                    'description' => '创建新员工档案',
                    'routes' => ['POST /api/employees'],
                ],
                'employee.update' => [
                    'label' => '编辑员工',
                    'description' => '修改员工信息',
                    'routes' => ['PUT /api/employees/{id}'],
                ],
                'employee.delete' => [
                    'label' => '删除员工',
                    'description' => '删除员工档案',
                    'routes' => ['DELETE /api/employees/{id}'],
                ],
                'employee.import' => [
                    'label' => '导入员工',
                    'description' => '批量导入员工数据',
                    'routes' => ['POST /api/employees/import'],
                ],
                'employee.export' => [
                    'label' => '导出员工',
                    'description' => '导出员工数据',
                    'routes' => ['GET /api/employees/export'],
                ],
                'employee.manage' => [
                    'label' => '员工管理',
                    'description' => '完整的员工管理权限',
                    'routes' => ['GET /api/employees', 'POST /api/employees', 'GET /api/employees/{id}', 'PUT /api/employees/{id}', 'DELETE /api/employees/{id}'],
                ],
            ],
        ],

        /*
        |--------------------------------------------------------------------------
        | Organisation structure permissions
        |--------------------------------------------------------------------------
        |
        | Departments and positions each have a read permission and a single
        | 'manage' permission that bundles create, update and delete.
        |
        */
        'organization_management' => [
            'label' => '组织架构管理',
            'description' => '管理部门、岗位和组织结构',
            'permissions' => [
                'department.view' => [
                    'label' => '查看部门',
                    'description' => '查看部门结构',
                    'routes' => ['GET /api/departments', 'GET /api/departments/tree'],
                ],
                'department.manage' => [
                    'label' => '管理部门',
                    'description' => '创建、编辑、删除部门',
                    'routes' => ['POST /api/departments', 'PUT /api/departments/{id}', 'DELETE /api/departments/{id}'],
                ],
                'position.view' => [
                    'label' => '查看岗位',
                    'description' => '查看岗位信息',
                    'routes' => ['GET /api/positions'],
                ],
                'position.manage' => [
                    'label' => '管理岗位',
                    'description' => '创建、编辑、删除岗位',
                    'routes' => ['POST /api/positions', 'PUT /api/positions/{id}', 'DELETE /api/positions/{id}'],
                ],
            ],
        ],

        /*
        |--------------------------------------------------------------------------
        | Salary management permissions
        |--------------------------------------------------------------------------
        |
        | Viewing, calculating, approving and exporting are separate
        | permissions, so calculation and approval can be given to different
        | roles.
        |
        */
        'salary_management' => [
            'label' => '薪资管理',
            'description' => '管理薪资体系和发放',
            'permissions' => [
                'salary.view' => [
                    'label' => '查看薪资',
                    'description' => '查看薪资信息',
                    'routes' => ['GET /api/salaries', 'GET /api/salaries/{id}'],
                ],
                'salary.calculate' => [
                    'label' => '薪资计算',
                    'description' => '计算员工薪资',
                    'routes' => ['POST /api/salaries/calculate'],
                ],
                'salary.approve' => [
                    'label' => '薪资审批',
                    'description' => '审批薪资调整',
                    'routes' => ['POST /api/salaries/{id}/approve'],
                ],
                'salary.export' => [
                    'label' => '薪资导出',
                    'description' => '导出薪资报表',
                    'routes' => ['GET /api/salaries/export'],
                ],
            ],
        ],

        /*
        |--------------------------------------------------------------------------
        | Attendance management permissions
        |--------------------------------------------------------------------------
        */
        'attendance_management' => [
            'label' => '考勤管理',
            'description' => '管理考勤记录和统计',
            'permissions' => [
                'attendance.view' => [
                    'label' => '查看考勤',
                    'description' => '查看考勤记录',
                    'routes' => ['GET /api/attendance', 'GET /api/attendance/{id}'],
                ],
                'attendance.import' => [
                    'label' => '考勤导入',
                    'description' => '导入考勤数据',
                    'routes' => ['POST /api/attendance/import'],
                ],
                'attendance.approve' => [
                    'label' => '考勤审批',
                    'description' => '审批考勤异常',
                    'routes' => ['POST /api/attendance/{id}/approve'],
                ],
                'attendance.report' => [
                    'label' => '考勤报表',
                    'description' => '生成考勤统计报表',
                    'routes' => ['GET /api/attendance/report'],
                ],
            ],
        ],

        /*
        |--------------------------------------------------------------------------
        | System management permissions
        |--------------------------------------------------------------------------
        |
        | None of the non-wildcard roles defined in this file lists a system.*
        | permission, so within this file they are reachable only through the
        | '*' grant.
        |
        | NOTE(review): 'system.logs' bundles the read routes with the delete,
        | batch-delete and cleanup routes, so anyone allowed to read logs can
        | also remove them. If these logs serve as an audit trail, consider a
        | separate permission for the destructive routes. 'system.config'
        | likewise grants read and write together.
        |
        */
        'system_management' => [
            'label' => '系统管理',
            'description' => '管理系统设置和配置',
            'permissions' => [
                'system.config' => [
                    'label' => '系统配置',
                    'description' => '管理系统配置',
                    'routes' => ['GET /api/system/config', 'PUT /api/system/config'],
                ],
                'system.backup' => [
                    'label' => '数据备份',
                    'description' => '备份系统数据',
                    'routes' => ['POST /api/system/backup'],
                ],
                'system.restore' => [
                    'label' => '数据恢复',
                    'description' => '恢复系统数据',
                    'routes' => ['POST /api/system/restore'],
                ],
                'system.logs' => [
                    'label' => '系统日志',
                    'description' => '查看和管理系统日志',
                    'routes' => ['GET /api/logs', 'GET /api/logs/{id}', 'DELETE /api/logs/{id}', 'POST /api/logs/batch-delete', 'GET /api/logs/statistics', 'GET /api/logs/export', 'POST /api/logs/cleanup', 'GET /api/logs/modules', 'GET /api/logs/levels', 'GET /api/logs/operation-types'],
                ],
            ],
        ],

        /*
        |--------------------------------------------------------------------------
        | Report permissions
        |--------------------------------------------------------------------------
        */
        'report_management' => [
            'label' => '报表管理',
            'description' => '管理系统报表',
            'permissions' => [
                'report.view' => [
                    'label' => '查看报表',
                    'description' => '查看各类报表',
                    'routes' => ['GET /api/reports/{type}'],
                ],
                'report.create' => [
                    'label' => '创建报表',
                    'description' => '创建自定义报表',
                    'routes' => ['POST /api/reports'],
                ],
                'report.export' => [
                    'label' => '导出报表',
                    'description' => '导出报表数据',
                    'routes' => ['GET /api/reports/{id}/export'],
                ],
            ],
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Role configuration
    |--------------------------------------------------------------------------
    |
    | Predefined roles and the permission keys each one holds.
    |
    | NOTE(review): a role entry is only a flat list of permission keys. The
    | "own department" and "own record only" remarks below are comments, not
    | configuration: nothing in this file narrows a permission to a subset of
    | records. That scoping has to be enforced per request in the handlers or
    | policies (not shown here); without it, a role holding 'salary.view'
    | would be authorised for every id under 'GET /api/salaries/{id}'.
    |
    */
    'roles' => [
        'super_admin' => [
            'label' => '超级管理员',
            'description' => '拥有系统所有权限',
            'permissions' => ['*'], // all permissions
        ],

        // NOTE(review): this role holds user.update and user.reset_password with
        // no scoping in this file; confirm the handlers prevent it from editing
        // or resetting higher-privileged accounts such as super_admin. It also
        // holds both salary.calculate and salary.approve; confirm that a single
        // account calculating and approving salaries is acceptable.
        'hr_admin' => [
            'label' => '人事管理员',
            'description' => '人事管理相关权限',
            'permissions' => [
                // User management
                'user.view', 'user.create', 'user.update', 'user.reset_password',

                // Employee management
                'employee.view', 'employee.create', 'employee.update', 'employee.import', 'employee.export',

                // Organisation structure
                'department.view', 'department.manage',
                'position.view', 'position.manage',

                // Salary management
                'salary.view', 'salary.calculate', 'salary.approve', 'salary.export',

                // Attendance management
                'attendance.view', 'attendance.import', 'attendance.approve', 'attendance.report',

                // Reports
                'report.view', 'report.create', 'report.export',
            ],
        ],

        'department_manager' => [
            'label' => '部门经理',
            'description' => '部门管理权限',
            'permissions' => [
                // Employee management (own department) - scope not expressed here; verify it is enforced in code
                'employee.view', 'employee.update',

                // Attendance management (own department) - scope not expressed here; verify it is enforced in code
                'attendance.view', 'attendance.approve',

                // Salary viewing (own department) - scope not expressed here; verify it is enforced in code
                'salary.view',

                // Report viewing
                'report.view',
            ],
        ],

        'employee' => [
            'label' => '普通员工',
            'description' => '基本查看权限',
            'permissions' => [
                // View personal employee information
                'employee.view', // own record only (intent; not enforced by this file)

                // View attendance
                'attendance.view', // own record only (intent; not enforced by this file)

                // View salary
                'salary.view', // own record only (intent; not enforced by this file)

                // View organisation structure
                'department.view',
                'position.view',
            ],
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Permission validation configuration
    |--------------------------------------------------------------------------
    |
    | NOTE(review): how these flags are consumed is not visible in this file.
    | With a one-hour cache, a revoked permission or role presumably stays
    | effective until the entry expires unless the cache is invalidated on
    | change; confirm. With the bypass enabled, super admin requests are not
    | constrained by the route map above, so confirm they are still logged.
    |
    */
    'validation' => [
        'cache_ttl' => 3600, // permission cache lifetime (seconds)
        'strict_mode' => true, // strict mode: endpoints with no permission configured require explicit authorisation
        'super_admin_bypass' => true, // super admin bypasses permission checks
    ],
];
